Multiple tech news sites have reported that event-stream, a popular JavaScript library with almost two million weekly downloads, contained malicious code for several weeks. It was first reported in a GitHub post last week, but developers were only able to decipher the purpose of the code yesterday. The code targeted users of the cryptocurrency wallet Copay, and was designed to steal Bitcoin and Bitcoin Cash.

GitHub user right9ctrl injected the malicious code in a package called flatmap-stream after offering to help maintain the library, according to a post on the Snyk security blog. Handing off control to other users happens frequently in open source communities, as the original authors and maintainers move on to other projects. Adding libraries as dependencies is also common in open source, although the event-stream npm package hadn't been substantially updated for about two years prior to September 2018, when flatmap-stream was first added. According to Ars Technica, the next phase ...



